xref: /openbmc/linux/net/bridge/br_vlan.c (revision 78851988) 
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 
6 #include "br_private.h"
7 
8 static int __vlan_add(struct net_port_vlans *v, u16 vid)
9 {
10 	int err;
11 
12 	if (test_bit(vid, v->vlan_bitmap))
13 		return -EEXIST;
14 
15 	if (v->port_idx && vid) {
16 		struct net_device *dev = v->parent.port->dev;
17 
18 		/* Add VLAN to the device filter if it is supported.
19 		 * Stricly speaking, this is not necessary now, since devices
20 		 * are made promiscuous by the bridge, but if that ever changes
21 		 * this code will allow tagged traffic to enter the bridge.
22 		 */
23 		if (dev->features & NETIF_F_HW_VLAN_FILTER) {
24 			err = dev->netdev_ops->ndo_vlan_rx_add_vid(dev, vid);
25 			if (err)
26 				return err;
27 		}
28 	}
29 
30 	set_bit(vid, v->vlan_bitmap);
31 	v->num_vlans++;
32 	return 0;
33 }
34 
35 static int __vlan_del(struct net_port_vlans *v, u16 vid)
36 {
37 	if (!test_bit(vid, v->vlan_bitmap))
38 		return -EINVAL;
39 
40 	if (v->port_idx && vid) {
41 		struct net_device *dev = v->parent.port->dev;
42 
43 		if (dev->features & NETIF_F_HW_VLAN_FILTER)
44 			dev->netdev_ops->ndo_vlan_rx_kill_vid(dev, vid);
45 	}
46 
47 	clear_bit(vid, v->vlan_bitmap);
48 	v->num_vlans--;
49 	if (bitmap_empty(v->vlan_bitmap, BR_VLAN_BITMAP_LEN)) {
50 		if (v->port_idx)
51 			rcu_assign_pointer(v->parent.port->vlan_info, NULL);
52 		else
53 			rcu_assign_pointer(v->parent.br->vlan_info, NULL);
54 		kfree_rcu(v, rcu);
55 	}
56 	return 0;
57 }
58 
59 static void __vlan_flush(struct net_port_vlans *v)
60 {
61 	bitmap_zero(v->vlan_bitmap, BR_VLAN_BITMAP_LEN);
62 	if (v->port_idx)
63 		rcu_assign_pointer(v->parent.port->vlan_info, NULL);
64 	else
65 		rcu_assign_pointer(v->parent.br->vlan_info, NULL);
66 	kfree_rcu(v, rcu);
67 }
68 
69 /* Strip the tag from the packet.  Will return skb with tci set 0.  */
70 static struct sk_buff *br_vlan_untag(struct sk_buff *skb)
71 {
72 	if (skb->protocol != htons(ETH_P_8021Q)) {
73 		skb->vlan_tci = 0;
74 		return skb;
75 	}
76 
77 	skb->vlan_tci = 0;
78 	skb = vlan_untag(skb);
79 	if (skb)
80 		skb->vlan_tci = 0;
81 
82 	return skb;
83 }
84 
85 struct sk_buff *br_handle_vlan(struct net_bridge *br,
86 			       const struct net_port_vlans *pv,
87 			       struct sk_buff *skb)
88 {
89 	u16 vid;
90 
91 	if (!br->vlan_enabled)
92 		goto out;
93 
94 	/* At this point, we know that the frame was filtered and contains
95 	 * a valid vlan id.  If the vlan id matches the pvid of current port
96 	 * send untagged; otherwise, send taged.
97 	 */
98 	br_vlan_get_tag(skb, &vid);
99 	if (vid == br_get_pvid(pv))
100 		skb = br_vlan_untag(skb);
101 	else {
102 		/* Egress policy says "send tagged".  If output device
103 		 * is the  bridge, we need to add the VLAN header
104 		 * ourselves since we'll be going through the RX path.
105 		 * Sending to ports puts the frame on the TX path and
106 		 * we let dev_hard_start_xmit() add the header.
107 		 */
108 		if (skb->protocol != htons(ETH_P_8021Q) &&
109 		    pv->port_idx == 0) {
110 			/* vlan_put_tag expects skb->data to point to
111 			 * mac header.
112 			 */
113 			skb_push(skb, ETH_HLEN);
114 			skb = __vlan_put_tag(skb, skb->vlan_tci);
115 			if (!skb)
116 				goto out;
117 			/* put skb->data back to where it was */
118 			skb_pull(skb, ETH_HLEN);
119 			skb->vlan_tci = 0;
120 		}
121 	}
122 
123 out:
124 	return skb;
125 }
126 
127 /* Called under RCU */
128 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
129 			struct sk_buff *skb, u16 *vid)
130 {
131 	/* If VLAN filtering is disabled on the bridge, all packets are
132 	 * permitted.
133 	 */
134 	if (!br->vlan_enabled)
135 		return true;
136 
137 	/* If there are no vlan in the permitted list, all packets are
138 	 * rejected.
139 	 */
140 	if (!v)
141 		return false;
142 
143 	if (br_vlan_get_tag(skb, vid)) {
144 		u16 pvid = br_get_pvid(v);
145 
146 		/* Frame did not have a tag.  See if pvid is set
147 		 * on this port.  That tells us which vlan untagged
148 		 * traffic belongs to.
149 		 */
150 		if (pvid == VLAN_N_VID)
151 			return false;
152 
153 		/* PVID is set on this port.  Any untagged ingress
154 		 * frame is considered to belong to this vlan.
155 		 */
156 		__vlan_hwaccel_put_tag(skb, pvid);
157 		return true;
158 	}
159 
160 	/* Frame had a valid vlan tag.  See if vlan is allowed */
161 	if (test_bit(*vid, v->vlan_bitmap))
162 		return true;
163 
164 	return false;
165 }
166 
167 /* Called under RCU. */
168 bool br_allowed_egress(struct net_bridge *br,
169 		       const struct net_port_vlans *v,
170 		       const struct sk_buff *skb)
171 {
172 	u16 vid;
173 
174 	if (!br->vlan_enabled)
175 		return true;
176 
177 	if (!v)
178 		return false;
179 
180 	br_vlan_get_tag(skb, &vid);
181 	if (test_bit(vid, v->vlan_bitmap))
182 		return true;
183 
184 	return false;
185 }
186 
187 /* Must be protected by RTNL */
188 int br_vlan_add(struct net_bridge *br, u16 vid)
189 {
190 	struct net_port_vlans *pv = NULL;
191 	int err;
192 
193 	ASSERT_RTNL();
194 
195 	pv = rtnl_dereference(br->vlan_info);
196 	if (pv)
197 		return __vlan_add(pv, vid);
198 
199 	/* Create port vlan infomration
200 	 */
201 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
202 	if (!pv)
203 		return -ENOMEM;
204 
205 	pv->parent.br = br;
206 	err = __vlan_add(pv, vid);
207 	if (err)
208 		goto out;
209 
210 	rcu_assign_pointer(br->vlan_info, pv);
211 	return 0;
212 out:
213 	kfree(pv);
214 	return err;
215 }
216 
217 /* Must be protected by RTNL */
218 int br_vlan_delete(struct net_bridge *br, u16 vid)
219 {
220 	struct net_port_vlans *pv;
221 
222 	ASSERT_RTNL();
223 
224 	pv = rtnl_dereference(br->vlan_info);
225 	if (!pv)
226 		return -EINVAL;
227 
228 	__vlan_del(pv, vid);
229 	return 0;
230 }
231 
232 void br_vlan_flush(struct net_bridge *br)
233 {
234 	struct net_port_vlans *pv;
235 
236 	ASSERT_RTNL();
237 
238 	pv = rtnl_dereference(br->vlan_info);
239 	if (!pv)
240 		return;
241 
242 	__vlan_flush(pv);
243 }
244 
245 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
246 {
247 	if (!rtnl_trylock())
248 		return restart_syscall();
249 
250 	if (br->vlan_enabled == val)
251 		goto unlock;
252 
253 	br->vlan_enabled = val;
254 
255 unlock:
256 	rtnl_unlock();
257 	return 0;
258 }
259 
260 /* Must be protected by RTNL */
261 int nbp_vlan_add(struct net_bridge_port *port, u16 vid)
262 {
263 	struct net_port_vlans *pv = NULL;
264 	int err;
265 
266 	ASSERT_RTNL();
267 
268 	pv = rtnl_dereference(port->vlan_info);
269 	if (pv)
270 		return __vlan_add(pv, vid);
271 
272 	/* Create port vlan infomration
273 	 */
274 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
275 	if (!pv) {
276 		err = -ENOMEM;
277 		goto clean_up;
278 	}
279 
280 	pv->port_idx = port->port_no;
281 	pv->parent.port = port;
282 	err = __vlan_add(pv, vid);
283 	if (err)
284 		goto clean_up;
285 
286 	rcu_assign_pointer(port->vlan_info, pv);
287 	return 0;
288 
289 clean_up:
290 	kfree(pv);
291 	return err;
292 }
293 
294 /* Must be protected by RTNL */
295 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
296 {
297 	struct net_port_vlans *pv;
298 
299 	ASSERT_RTNL();
300 
301 	pv = rtnl_dereference(port->vlan_info);
302 	if (!pv)
303 		return -EINVAL;
304 
305 	return __vlan_del(pv, vid);
306 }
307 
308 void nbp_vlan_flush(struct net_bridge_port *port)
309 {
310 	struct net_port_vlans *pv;
311 
312 	ASSERT_RTNL();
313 
314 	pv = rtnl_dereference(port->vlan_info);
315 	if (!pv)
316 		return;
317 
318 	__vlan_flush(pv);
319 }
320